Which is best candidate out of nrf52840 & nRF52832 for BluetoothMesh n/w for security point of view ?

RE: Which is best candidate out of nrf52840 & nRF52832 for BluetoothMesh n/w for security point of view ?

ovrebekk — Tue, 02 Jan 2018 14:18:24 GMT

The current implementation of Bluetooth mesh does not use the Cryptocell module, and we have no immediate plans of adding support for it. In other words, there are no changes to Bluetooth mesh security whether or not you use the nRF52840 or the nRF52832.

As you hint at in the comment the nRF52840 is overkill for many mesh applications, and we expect the nRF52832 to be a more popular choice.

We can implement all the security requirements of the Bluetooth mesh specification without it. The main advantage of using the Cryptocell when it's available is that the crypto algorithms run quicker, which can reduce latency and power consumption.
Since the radio is on continuously when using mesh the power consumption is pretty high already, and the improvements by using Cryptocell would most likely be marginal.

Best regards
Torbjørn Øvrebekk

RE: Which is best candidate out of nrf52840 & nRF52832 for BluetoothMesh n/w for security point of view ?

endnode — Wed, 27 Dec 2017 22:46:08 GMT

Yes, the summary fits my view. Still your comment "Bluetooth_SIG specification has take care of security inherently" indicates that you are taking too many assumptions about how real world attacks and securing embedded devices work, kind of foggy cloud named "security" (someone will put a stamp on it and voila it's solved;)... but maybe I'm totally wrong. Good luck!

RE: Which is best candidate out of nrf52840 & nRF52832 for BluetoothMesh n/w for security point of view ?

vikrant8051 — Wed, 27 Dec 2017 04:26:12 GMT

Your assumption is right. I am talking about latest Bluetooth_SIG Mesh Specification released in July 2017.

www.bluetooth.com/.../mesh-specifications

So in simple words, I can go with nrf52832 assuming Bluetooth_SIG specification has take care of security inherently.

Pricing of nrf52832 is surely less than nrf52840. Even Silvair like company is using nrf52832 for their product. So my goal is to finally launch product based on nRF52832 to save overall cost.

RE: Which is best candidate out of nrf52840 & nRF52832 for BluetoothMesh n/w for security point of view ?

endnode — Tue, 26 Dec 2017 21:40:14 GMT

ARM Cryptocell or Trustzone has pretty much nothing to do with BT SIG mesh network specification if this is your question. CC310 can help you to achieve two things: having certain crypo schemes with better performance (= computing crypto operations faster) and potentially design your FW securely (thanks to "privileged" mode when you can restrict which code will run on MCU at what moment - exclusively). However you can see implementations of BT SIG mesh on common ARM Cortex-M chips without any specific security features (or even on C51 8-bit clones) so it doesn't harm the functionality of "mash" itself. Btw. you haven't mentioned what mesh architecture/specification you are talking about so I assume you talk about BT SIG standardized mesh network but there are many others... again it indicates to me that you are more going for buzzwords and stickers then knowing exactly what you need.

RE: Which is best candidate out of nrf52840 & nRF52832 for BluetoothMesh n/w for security point of view ?

vikrant8051 — Mon, 25 Dec 2017 16:29:01 GMT

I don't know what to say on this !! Need help from person who has already worked with nrf52840's CryptoCell.

blog.bluetooth.com/bluetooth-mesh-security-overview

Is cryptocell necessary, even when #BluetoothMesh specification added different layers of security by default ?

RE: Which is best candidate out of nrf52840 & nRF52832 for BluetoothMesh n/w for security point of view ?

endnode — Mon, 25 Dec 2017 15:15:08 GMT

(3/3)

However there are no real implementations using ARM CC310 known on nRF52840 yet, Nordic are (logically) careful with any promises and if you google Trustzone vulnerabilities it seems that many real implementations are vulnerable to fairly common attacks. So it gives a hint that many people are just using it as sticker and values security by numbers of prays per day then understanding the backgrounds.

(btw. very similar could be said about the fancy mesh networking, Internet of Things and other stickers... most of real products don't need anything from that and very often it even makes the product worse;)

RE: Which is best candidate out of nrf52840 & nRF52832 for BluetoothMesh n/w for security point of view ?

endnode — Mon, 25 Dec 2017 15:11:52 GMT

That said let me explain how searching on this forum and internet works: you put word "cryptocell" or "Trustzone" to "Search" window in the header of this page or/and to www.google.com search box. You will immediately get dozens of hits which will tell you what ARM Cryptocell is and what it itsn't, how it might enhance security of your product but also what it cannot do (= e.g. doean't provide any additional temper resistance to HW design of the chip). Here is one example.

In a nutshell it provides two features which might be a good foundation to improve security of ARM Cortex-M product:

Crypto-processor which can provide HW accelerated performance to certain crypto primitives.
Few hooks to memory controller which should allow you to prevent execution of certain ode at certain time.

(2/3)

RE: Which is best candidate out of nrf52840 & nRF52832 for BluetoothMesh n/w for security point of view ?

endnode — Mon, 25 Dec 2017 15:04:58 GMT

That's part of the problem I'm afraid;) I don't want to be offensive or disrespectful but that's what I've learned in past 10 years about secure hardware/firmware design: if you don't know what these things mean already then it indicates that you are doing this for the first time. And if you are doing it for the first time then probability that you would do it right is very low. Secure design is not like usual things: you cannot do it "almost" good or "just a little mistake". Almost all mistakes lead to holes and almost every hole makes the whole design flawed. So my point was: if you don't know how ARM Cryptocell works and you hope in getting it from reading of this forum it is very unlikely it would help you to somehow significantly strengthen your FW design in your product. You need to have hardcore practitioners who understand the attacks you are trying to mitigate.

(1/3)

RE: Which is best candidate out of nrf52840 & nRF52832 for BluetoothMesh n/w for security point of view ?

vikrant8051 — Mon, 25 Dec 2017 14:20:38 GMT

Thanks for calling me silly :)

That means we should not launched final product in market which is based on nrf51, nrf52832, nrf52810 these SoCs if security of n/w is going to be concern.

www.nordicsemi.com/.../ARM-CryptoCell-310

I read this link but didn't understand. Please consider me noob & elaborate more about use of Arm CryptoCell. Is it encrypt firmware on flash memory for its host SoC ?

Is your Bluetooth mesh SDK v1.0.0 by default using ARM cryptocell features ? If NO, then how to enable & use it ?

RE: Which is best candidate out of nrf52840 & nRF52832 for BluetoothMesh n/w for security point of view ?

endnode — Mon, 25 Dec 2017 10:10:42 GMT

What do you expect? Someone saying "NO, the cryptocell is totally useless and it's more secure to go with product without it!"?????? Where you guys get these silly questions?;)

The answer surely is "yes, having ARM CC310 gives you better chance to implement your FW securely but if you screw something up no magic co-processor helps you".